手机用户需要注册到网络中才能获取相应的服务。这种注册被称作网络附着。在附着的过程中,在终端和EPS间,一个具有持久连通性的IP连接被默认的EPS承载建立了起来。
手机附着的过程中也许会触发一个或多个Dedicated Bearer Establishment的过程,来帮助完成手机到EPS承载的建立。在附着的过程中,手机会请求一个IP。附着初始化的过程中会从手机获取移动设备ID(Mobile Equipment Identity ME ID)。MME会通过EIR检查此设备MEID的合法性。
下图是附着的基本的流程
The UE initiates the Attach procedure by the transmission, to the eNodeB, of an Attach Request (IMSI or old GUTI, last visited TAI (if available), UE Core Network Capability, UE Specific DRX parameters, Attach Type, ESM message container (Request Type, PDN Type, Protocol Configuration Options, Ciphered Options Transfer Flag), KSIASME, NAS sequence number, NAS-MAC, additional GUTI, P-TMSI signature) message together with RRC parameters indicating the Selected Network and the old GUMMEI. The old GUTI may be derived from a P TMSI and RAI. IMSI shall be included if the UE does not have a valid GUTI or a valid P TMSI available. The UE stores the TIN in detached state. If the UE's TIN indicates "GUTI" or "RAT-related TMSI" and the UE holds a valid GUTI then the old GUTI indicates this valid GUTI. If the UE's TIN indicates "P TMSI" and the UE holds a valid P TMSI and related RAI then these two elements are indicated as the old GUTI. Mapping a P TMSI and RAI to a GUTI is specified in TS 23.003 [9]. If the UE holds a valid GUTI and the old GUTI indicates a GUTI mapped from a P-TMSI and RAI, then the UE indicates the GUTI as additional GUTI. If the old GUTI indicates a GUTI mapped from a P-TMSI and RAI and the UE has a valid P-TMSI signature associated to it, the P-TMSI signature shall be included.
If available, the last visited TAI shall be included in order to help the MME produce a good list of TAIs for any subsequent Attach Accept message. Selected Network indicates the PLMN that is selected for network sharing purposes. The RRC parameter "old GUMMEI" takes its value from the "old GUTI" contained in the Attach Request. UE Network Capability is described in UE capabilities, see clause 5.11.If the UE has valid security parameters, the Attach Request message shall be integrity protected by the NAS-MAC in order to allow validation of the UE by the MME. KSIASME, NAS sequence number and NAS-MAC are included if the UE has valid EPS security parameters. NAS sequence number indicates the sequential number of the NAS message. If the UE does not have a valid EPS security association, then the Attach Request message is not integrity protected. In this case the security association is established in step 5a. The UE network capabilities indicate also the supported NAS and AS security algorithms. PDN type indicates the requested IP version (IPv4, IPv4/IPv6, IPv6). Protocol Configuration Options (PCO) are used to transfer parameters between the UE and the PDN GW, and are sent transparently through the MME and the Serving GW. The Protocol Configuration Options may include the Address Allocation Preference indicating that the UE prefers to obtain an IPv4 address only after the default bearer activation by means of DHCPv4. If the UE intends to send PCO which require ciphering (e.g., PAP/CHAP usernames and passwords) or send an APN, or both, the UE shall set the Ciphered Options Transfer Flag and send PCO or APN or both only after authentication and NAS security setup have been completed (see below). If the UE has UTRAN or GERAN capabilities, it should send the NRSU in the PCO to indicate the support of the network requested bearer control in UTRAN/GERAN. Request Type is included in the ESM message container and indicates "Handover" when the UE has already an activated PDN GW/HA due to mobility with non-3GPP accesses. Attach Type indicates whether it is an EPS or a combined EPS/IMSI attach.
手机通过发送Attach Request来发起附着的过程。其中会包含一些必要的参数,如原文中所示。其中例如:如果手机没有有效的GUTI 或PTMSI,则手机一定要提供IMSI,其他的还有TIN,GUTI等也存在着相互依赖的关系。在安全方面,如果手机有有效的安全参数,Attach Request消息会被NAS-MAC完整的保护起来。
Step 2
The eNodeB derives the MME from the RRC parameters carrying the old GUMMEI and the indicated Selected Network. If that MME is not associated with the eNodeB or the old GUMMEI is not available, the eNodeB selects an MME as described in clause 4.3.8.3 on "MME selection function". The eNodeB forwards the Attach Request message to the new MME contained in a S1-MME control message (Initial UE message) together with the Selected Network and TAI+ECGI of the cell from where it received the message to the new MME.
eNodeB会通过GUMMEI来选择网络,或者eNodeB直接连接一个新的MME,并且转发Attach Request 消息。
The additional GUTI in the Attach Request message allows the new MME to find any already existing UE context stored in the new MME when the old GUTI indicates a value mapped from a P-TMSI and RAI.
在和新的MME通信过程中,如果手机使用了GUTI来标识自己,新的MME会通过GUTI获得上次为手机服务的MME/SGSN的地址,并且向其发送Identification Request (old GUTI, complete Attach Request message)来请求IMSI。如果Identification Request被发送到老的MME或SGSN, 则他们分别通过NAS MAC和P-TMSI signature对请求进行验证,如果通过验证会返回Identification Response (IMSI, MM Context)。
Step 4
If the UE is unknown in both the old MME/SGSN and new MME, the new MME sends an Identity Request to the UE to request the IMSI. The UE responds with Identity Response (IMSI).
如果老的MME/SGSN并不知道该手机,新的MME则会通过向手机发送 Identity Request来请求手机的IMSI,手机则通过Identity Response (IMSI)返回IMSI。
After step 5a, all NAS messages shall be protected by the NAS security functions (integrity and ciphering) indicated by the MME.
如果手机在网络中不存在上下文,如果手机发送的Attach Request 没有完整性保护或者验证失败,这会激活系统中的NAS security setup。
The ME Identity shall be retrieved from the UE. The ME identity shall be transferred encrypted. In order to minimise signalling delays, the retrieval of the ME Identity may be combined with NAS security setup in step 5a. The MME may send the ME Identity Check Request (ME Identity, IMSI) to the EIR. The EIR shall respond with ME Identity Check Ack (Result). Dependent upon the Result, the MME decides whether to continue with this Attach procedure or to reject the UE.
手机会通过加密方式取回ME Identity。同时MME会向EIR发起认证。
If the UE has set the Ciphered Options Transfer Flag in the Attach Request message, the Ciphered Options i.e. PCO or APN or both, shall now be retrieved from the UE.
In order to handle situations where the UE may have subscriptions to multiple PDNs, if the Protocol Configuration Options contains user credentials (e.g. user name/password within PAP or CHAP parameters) then the UE should also send the APN to the MME.
如果在Attach Request消息中手机设置了Ciphered Options Transfer Flag,MME则会向UE查询Ciphered Options(PCO or APN or both)。
如果手机和新的MME间存在着承载上下文关系,那么新的MME需要用Delete Session Request (TEIDs) 来删除这个关系。网关使用Delete Session Response (TEIDs) 来响应这个消息。
If the MME has changed since the last detach, or if there is no valid subscription context for the UE in the MME, or if the ME identity has changed, or if the UE provides an IMSI or the UE provides an old GUTI which doesn't refer to a valid context in the MME, the MME sends an Update Location Request (MME Identity, IMSI, ME Identity, MME Capabilities, Update Type) message to the HSS. The MME capabilities indicate the MME's support for regional access restrictions functionality. Update Type indicates this is Attach procedure.
如果手机和MME间之前没有任何关系,例如手机和MME间没有订阅上下文,ME identity改变了,等等。MME会发送Update Location Request (MME Identity, IMSI, ME Identity, MME Capabilities, Update Type)到HSS来更新手机的位置。
HSS 会发送Cancel Location (IMSI, Cancellation Type) 到老的MME,老的MME通过Cancel Location Ack (IMSI)来响应并且删除和手机间的MM和承载上下文。
If there are active bearer contexts in the old MME/SGSN for this particular UE, the old MME/SGSN deletes these bearer contexts by sending Delete Session Request (TEIDs) messages to the GWs involved. The GWs return Delete Session Response (TEIDs) message to the old MME/SGSN. If a PCRF is deployed, the PDN GW employs an IP CAN Session Termination procedure as defined in TS 23.203 [6] to indicate that resources have been released.
如果在老的MME/SGSN和手机间存在着承载上下文,老的MME/SGSN可以通过向GWs 发送elete Session Request (TEIDs) 来删除。GWs 则返回Delete Session Response (TEIDs) 。
The HSS acknowledges the Update Location message by sending an Update Location Ack (IMSI, Subscription data) message to the new MME. The Subscription Data contain one or more PDN subscription contexts. Each PDN subscription context contains an 'EPS subscribed QoS profile' and the subscribed APN-AMBR (see clause 4.7.3). The new MME validates the UE's presence in the (new) TA. If due to regional subscription restrictions or access restrictions the UE is not allowed to attach in the TA or due to subscription checking fails for other reasons, the new MME rejects the Attach Request with an appropriate cause. If all checks are successful then the new MME constructs a context for the UE. If the APN provided by the UE is not allowed by subscription, or the Update Location is rejected by the HSS, the new MME rejects the Attach Request from the UE with an appropriate cause.
HSS通过发送Update Location Ack (IMSI, Subscription data)来响应新的MME发送的Update Location。
If a subscribed PDN address is allocated for the UE for this APN, the PDN subscription context contains the UE's IPv4 address and/or the IPv6 prefix and optionally the PDN GW identity. If the PDN subscription context contains a subscribed IPv4 address and/or IPv6 prefix, the MME indicates it in the PDN address. For Request Type indicating "Initial Request", if the UE does not provide an APN, the MME shall use the PDN GW corresponding to the default APN for default bearer activation. If the UE provides an APN, this APN shall be employed for default bearer activation. For Request type indicating "Handover", if the UE provides an APN, the MME shall use the PDN GW corresponding to the provided APN for default bearer activation, If the UE does not provide an APN, and the subscription context from HSS contains a PDN GW identity corresponding to the default APN, the MME shall use the PDN GW corresponding to the default APN for default bearer activation. The case where the Request type indicates "Handover" and the UE does not provide an APN, and the subscription context from HSS does not contain a PDN GW identity corresponding to the default APN constitutes an error case. If the Request type indicates "Initial Request" and the selected PDN subscription context contains no PDN GW identity the new MME selects a PDN GW as described in clause 4.3.8.1 on PDN GW selection function (3GPP accesses). If the PDN subscription context contains a dynamically allocated PDN GW identity and the Request Type does not indicate "Handover" the MME may select a new PDN GW as described in clause PDN GW selection function, e.g. to allocate a PDN GW that allows for more efficient routing. The new MME selects a Serving GW as described in clause 4.3.8.2 on Serving GW selection function and allocates an EPS Bearer Identity for the Default Bearer associated with the UE. Then it sends a Create Session Request (IMSI, MSISDN, MME TEID for control plane, PDN GW address, PDN Address, APN, RAT type, Default EPS Bearer QoS, PDN Type, APN-AMBR, EPS Bearer Identity, Protocol Configuration Options, Handover Indication, ME Identity, User Location Information (ECGI), MS Info Change Reporting support indication, Selection Mode, Charging Characteristics, Trace Reference, Trace Type, Trigger Id, OMC Identity, Maximum APN Restriction, Dual Address Bearer Flag, the Protocol Type over S5/S8) message to the selected Serving GW.
The RAT type is provided in this message for the later PCC decision. The subscribed APN AMBR for the APN is also provided in this message. The MSISDN is included if provided in the subscription data from the HSS. Handover Indication is included if the Request type indicates handover. Selection Mode indicates whether a subscribed APN was selected, or a non-subscribed APN sent by the UE was selected. Charging Characteristics indicates which kind of charging the bearer context is liable for. The MME may change the requested PDN type according to the subscription data for this APN as described in clause 5.3.1.1. The MME shall set the Dual Address Bearer Flag when the PDN type is set to IPv4v6 and all SGSNs which the UE may be handed over to are Release 8 or above supporting dual addressing, which is determined based on node pre-configuration by the operator. The Protocol Type over S5/S8 is provided to Serving GW which protocol should be used over S5/S8 interface.The Maximum APN Restriction denotes the most stringent restriction as required by any already active bearer context. If there are no already active bearer contexts, this value is set to the least restrictive type (see clause 15.4 of TS 23.060 [7]). If the P GW receives the Maximum APN Restriction, then the P GW shall check if the Maximum APN Restriction value does not conflict with the APN Restriction value associated with this bearer context request. If there is no conflict the request shall be allowed, otherwise the request shall be rejected with sending an appropriate error cause to the UE.
如果PDN分配了IP地址给手机,PDN的订阅上下文会包括IPv4 的地址,或IPv6前缀或可选的PDN GW identity。在发送Create Session Request 前,系统会根据不同的Request Type对于地址的要求进行检查。其中列举了"Initial Request"和"Handover"时对于不同地址的要求。
Step 13
The Serving GW creates a new entry in its EPS Bearer table and sends a Create Session Request (IMSI, MSISDN, APN, Serving GW Address for the user plane, Serving GW TEID of the user plane, Serving GW TEID of the control plane, RAT type, Default EPS Bearer QoS, PDN Type, PDN Address, subscribed APN-AMBR, EPS Bearer Identity, Protocol Configuration Options, Handover Indication, ME Identity, User Location Information (ECGI), MS Info Change Reporting support indication, Selection Mode, Charging Characteristics, Trace Reference, Trace Type, Trigger Id, OMC Identity, Maximum APN Restriction, Dual Address Bearer Flag) message to the PDN GW indicated by the PDN GW address received in the previous step. After this step, the Serving GW buffers any downlink packets it may receive from the PDN GW without sending a Downlink Data Notification message to the MME until it receives the Modify Bearer Request message in step 23 below. The MSISDN is included if received from the MME.
Serving GW创建一个新的实体EPS Bearer table,并且向PDN GW 发送Create Session Request 及相关参数。
If dynamic PCC is deployed and the Handover Indication is not present, the PDN GW performs an IP-CAN Session Establishment procedure as defined in TS 23.203 [6], and thereby obtains the default PCC rules for the UE. This may lead to the establishment of a number of dedicated bearers following the procedures defined in clause 5.4.1 in association with the establishment of the default bearer, which is described in Annex F.
The IMSI, UE IP address, User Location Information (ECGI), Serving Network, RAT type, APN-AMBR, Default EPS Bearer QoS are provided to the PCRF by the PDN GW if received by the previous message. The User Location Information is used for location based charging.In both cases (Handover Indication is present or not), if dynamic PCC is not deployed, the PDN GW may apply local QoS policy. This may lead to the establishment of a number of dedicated bearers for the UE following the procedures defined in clause 5.4.1 in combination with the establishment of the default bearer, which is described in Annex F.
如果网络中部署了PCC,并且Handover Indication标记没有存在,PDN GW会发起一个IP-CAN Session Establishment的过程。如果Handover Indication标记存在,PDN GW则会执行一个PCEF Initiated IP CAN Session Modification过程。
The P GW creates a new entry in its EPS bearer context table and generates a Charging Id. The new entry allows the P GW to route user plane PDUs between the S GW and the packet data network, and to start charging. The way the P GW handles Charging Characteristics that it may have received is defined in TS 32.251 [44].
The PDN GW returns a Create Session Response (PDN GW Address for the user plane, PDN GW TEID of the user plane, PDN GW TEID of the control plane, PDN Type, PDN Address, EPS Bearer Identity, EPS Bearer QoS, Protocol Configuration Options, Charging Id, Prohibit Payload Compression, APN Restriction, Cause, MS Info Change Reporting Action (Start) (if the PDN GW decides to receive UE's location information during the session), APN-AMBR ) message to the Serving GW. The PDN GW takes into account the received PDN type, the Dual Address Bearer Flag and the policies of operator when the PDN GW selects the PDN type to be used as follows. If the received PDN type is IPv4v6 and both IPv4 and IPv6 addressing is possible in the PDN but the Dual Address Bearer Flag is not set, or only single IP version addressing for this APN is possible in the PDN, the PDN GW selects a single IP version (either IPv4 or IPv6). If the received PDN type is IPv4 or IPv6, the PDN GW uses the received PDN type if it is supported in the PDN, otherwise an appropriate error cause will be returned. The PDN GW allocates a PDN Address according to the selected PDN type. If the PDN GW has selected a PDN type different from the received PDN Type, the PDN GW indicates together with the PDN type IE a reason cause to the UE why the PDN type has been modified, as described in clause 5.3.1.1. PDN Address may contain an IPv4 address for IPv4 and/or an IPv6 prefix and an Interface Identifier. If the PDN has been configured by the operator so that the PDN addresses for the requested APN shall be allocated by usage of DHCPv4 only, or if the PDN GW allows the UE to use DHCPv4 for address allocation according to the Address Allocation Preference received from the UE, the PDN Address shall be set to 0.0.0.0, indicating that the IPv4 PDN address shall be negotiated by the UE with DHCPv4 after completion of the Default Bearer Activation procedure. For external PDN addressing for IPv6, the PDN GW obtains the IPv6 prefix from the external PDN using either RADIUS or Diameter client function. In the PDN Address field of the Create Session Response, the PDN GW includes the Interface Identifier and IPv6 prefix. The PDN GW sends Router Advertisement to the UE after default bearer establishment with the IPv6 prefix information for all cases. PDN GW会返回Create Session Response给Serving GW来响应Create Session Request。PDN GW 会根据消息中PDN type, Dual Address Bearer Flag and policies of operator 不同的值来设置网络中通信的参数。
If the MS Info Change Reporting Action (Start) is received for this bearer context, then the S GW shall store this for the bearer context and the S GW shall report to that P GW whenever a UE's location change occurs that meets the P GW request, as described in clause 15.1.1a of TS 23.060 [7].
The Serving GW returns a Create Session Response (PDN Type, PDN Address, Serving GW address for User Plane, Serving GW TEID for User Plane, Serving GW TEID for control plane, EPS Bearer Identity, EPS Bearer QoS, PDN GW addresses and TEIDs (GTP-based S5/S8) or GRE keys (PMIP-based S5/S8) at the PDN GW(s) for uplink traffic, Protocol Configuration Options, Prohibit Payload Compression, APN Restriction, Cause, MS Info Change Reporting Action (Start), APN-AMBR) message to the new MME.
Serving GW 返回Create Session Response给新的MME。
If an APN Restriction is received, then the MME shall store this value for the Bearer Context and the MME shall check this received value with the stored value for the Maximum APN Restriction to ensure there are no conflicts between values. If the Bearer Context is accepted, the MME shall determine a (new) value for the Maximum APN Restriction. If there is no previously stored value for Maximum APN Restriction, then the Maximum APN Restriction shall be set to the value of the received APN Restriction.
If the MS Info Change Reporting Action (Start) is received for this bearer context, then the MME shall store this for the bearer context and the MME shall report whenever a UE's location change occurs that meets the request, as described in clause 15.1.1a of TS 23.060 [7].If the MME or PDN GW has changed the PDN Type, an appropriate reason cause shall be returned to the UE as described in clause 5.3.1.1.
如果MME收到了APN Restriction,他会为Bearer Context来保存这个值,并且MME应该保证收到的值与保存的值没有重复的。新MME发送Attach Accept 到eNodeB如果MME分配了新的GUTI,消息中会包含此id。此消息被包含在S1_MME控制消息Initial Context Setup Request中。
The eNodeB sends the RRC Connection Reconfiguration message including the EPS Radio Bearer Identity to the UE, and the Attach Accept message will be sent along to the UE. The UE shall store the QoS Negotiated, Radio Priority, Packet Flow Id and TI, which it received in the Session Management Request, for use when accessing via GERAN or UTRAN. The APN is provided to the UE to notify it of the APN for which the activated default bearer is associated. For further details, see TS 36.331 [37]. The UE may provide EPS Bearer QoS parameters to the application handling the traffic flow(s). The application usage of the EPS Bearer QoS is implementation dependent. The UE shall not reject the RRC Connection Reconfiguration on the basis of the EPS Bearer QoS parameters contained in the Session Management Request.
When receiving the Attach Accept message the UE shall set its TIN to "GUTI" as no ISR Activated is indicated. eNodeB 发送RRC Connection Reconfiguration给UE,其中包含EPS Radio Bearer Identity,Attach Accept 消息也会被发送到手机。手机会保存QoS Negotiated, Radio Priority, Packet Flow Id and TI用以访问GERAN 或 UTRAN。当手机收到Attach Accept时,在ISR Activated没有被标示的情况下,手机应该把TIN 设置成 "GUTI" 。
The UE sends the RRC Connection Reconfiguration Complete message to the eNodeB. For further details, see TS 36.331 [37].
The eNodeB sends the Initial Context Response message to the new MME. This Initial Context Response message includes the TEID of the eNodeB and the address of the eNodeB used for downlink traffic on the S1_U reference point.
The UE sends a Direct Transfer message to the eNodeB, which includes the Attach Complete (EPS Bearer Identity, NAS sequence number, NAS-MAC) message.
The eNodeB forwards the Attach Complete message to the new MME in an Uplink NAS Transport message.
After the Attach Accept message and once the UE has obtained a PDN Address, the UE can then send uplink packets towards the eNodeB which will then be tunnelled to the Serving GW and PDN GW. If the UE requested for a dual address PDN type (IPv4v6) to a given APN and was granted a single address PDN type (IPv4 or IPv6) by the network with a reason cause indicating that only single IP version per PDN connection is allowed sent together with the PDN type, the UE may request for the activation of a parallel PDN connection to the same APN with a single address PDN type (IPv4 or IPv6) other than the one already activated. If the UE receives no reason cause in step 18 in response to an IPv4v6 PDN type and it receives an IPv6 Interface Identifier apart from the IPv4 address or 0.0.0.0 in the PDN Address field, it considers that the request for a dual address PDN was successful. It can wait for the Router Advertisement from the network with the IPv6 prefix information or it may send Router Solicitation if necessary.
eNodeB转发Attach Complete到新的MME通过上行NAS Transport消息。在Attach Accept 消息后,一旦手机获得了PDN地址,他就可以向eNodeB发送数据包,并且这些包会通过隧道发送到Serving GW 和PDN GW。
Upon reception of both, the Initial Context Response message in step 21 and the Attach Complete message in step 22, the new MME sends a Modify Bearer Request (EPS Bearer Identity, eNodeB address, eNodeB TEID, Handover Indication) message to the Serving GW.
If the Handover Indication is included in step 23, the Serving GW sends a Modify Bearer Request (Handover Indication) message to the PDN GW to prompt the PDN GW to tunnel packets from non 3GPP IP access to 3GPP access system and immediately start routing packets to the Serving GW for the default and any dedicated EPS bearers established.
如果Handover Indication标记被包含在第23步中,Serving GW会发送Modify Bearer Request 到PDN GW 来促使PDN GW 用隧道封装来自非3GPP接入的数据,并且马上开始通过路由把数据发送到Serving GW。
The PDN GW acknowledges by sending Modify Bearer Response to the Serving GW.
The Serving GW acknowledges by sending Modify Bearer Response (EPS Bearer Identity) message to the new MME. The Serving GW can then send its buffered downlink packets.
Serving GW通过发送Modify Bearer Response来响应新的MME,这时Serving GW 可以发送下行的数据包。
After the MME receives Modify Bearer Response (EPS Bearer Identity) message, if Request type does not indicate handover and an EPS bearer was established and the subscription data indicates that the user is allowed to perform handover to non-3GPP accesses, and if the MME selected a PDN GW that is different from the PDN GW identity which was indicated by the HSS in the PDN subscription context, the MME shall send a Notify Request including the APN and PDN GW identity to the HSS for mobility with non-3GPP accesses. The message shall also include information that identifies the PLMN in which the PDN GW is located.
在MME收到 Modify Bearer Response后,如果Request type没有标示handover ,并且EPS承载已经被建立起来了同时订阅数据显示用户允许切换到非3GPP的接入网,如果MME选择的PDN GW与HSS指定的不一致,MME需要向HSS发送APN and PDN GW identity。
The HSS stores the APN and PDN GW identity pair and sends a Notify Response to the MME.